Hi, I can't speak for Richard Koenning, or the core OpenSSL team, but, from my position as a contributor of the AS/400-iSeries-i5 port, which also relies on the EBCDIC patches, I can imagine that the core team will only include these in the main development threads if there is somebody who can be guaranteed to test them, and do further code revisions, when this is required, and especially for every new release, which is more than I am able to do.
It's the usual thing. If you announce support for a platform, you have to do it comprehensively and reliably - you shouldn't be half-arsed about it. So for platforms that do not have official support, patches are used to provide semi-official support. G. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Chu Sent: 14 December 2007 00:57 To: [email protected] Subject: Re: [openssl.org #1621] [PATCH] - OS390-Unix (EBCDIC) 0.9.7m It's a bit disappointing, considering I first wrote those patches back in 2002. It would be nice if someone could comment on what's preventing them from getting incorporated. JBYTuna wrote: > Richard, > > Oh my. So, these patches have not been incorporated? Will they ever > get incorporated? > > We did not know these patches existed. We've been chasing this > problem for a couple of years now. Because we've never received > response to postings with regard to this problem, we felt we were on our own. > > We WERE using 0.9.7d, when the problem arose. I've submitted two > patches, same patch, but for 97m and 98e. (of course, the patches I've > submitted only solve OUR problem, and probably don't address the issue > to the extent the patches that have already been created) > > As the existing patches do not fit directly into 97d and 98e (for 64 > bit), I'm not sure how to proceed. Because of several platforms > involved, in addition to z/OS (OS390-Unix), we need to use these > releases of OpenSSL for our new release. > > Any advice you might offer would be greatly appreciated. > > Thanks, > John B. Young > --- Richard Koenning <[EMAIL PROTECTED]> wrote: > >> JBYTuna via RT wrote: >> >>> When an OpenSSL server built on z/OS is using client verification, >>> the following error is incurred: >>> >>> 0x140890b2 - error:140890B2:SSL >>> routines:SSL3_GET_CLIENT_CERTIFICATE:no >>> certificate returned >>> >>> >From tracing, we found the correct certificate was being returned. >>> >We >> found >>> the code in crypto/x509/x509_vfy.c will not work in an EBCDIC >>> environment, >> as >>> the data is in ASCII. The solution is to translate the ASCII to >>> EBCDIC, >> prior >>> to the validation process. >>> >>> John B. Young >>> >>> Here's the patch, in diff -u form: >> The patch is already contained in "#843: EBCDIC patches for 0.9.7c" >> (http://rt.openssl.org/Ticket/Display.html?id=843&user=guest&pass=gue >> st), which has been updated to 0.9.7j by Jeremy Grieshop. That patch >> contains also a second ASCII to EBCDIC conversion after the >> X509_time_adj in the region of line 960. >> Ciao, >> Richard >> -- >> Dr. Richard W. Könning >> Fujitsu Siemens Computers GmbH >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> Development Mailing List [email protected] >> Automated List Manager [EMAIL PROTECTED] >> > > > > > ______________________________________________________________________ > ______________ Looking for last minute shopping deals? > Find them fast with Yahoo! Search. > http://tools.search.yahoo.com/newsearch/category.php?category=shopping > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [EMAIL PROTECTED] > -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
